If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

in the last week i switched all of my home systems from fedora core 5 to windows vista ultimate x64 rc1 to learn about this operating system.

i think security vendors arguments are about lost revenue and not about quality of product. vista is the first windows system that makes efforts to preserve the trusted computing base. the problem with old windows was the addition of bad security products was recommended and removed all assurance the trusted computing base offered. install one such package and the system is downgraded from an evaluated assurance level of 4+ to an unknown which must be viewed as a zero.

the article is strange. are the security companies saying that they know hackers can bypass the security controls to lock out kernel space access but they cannot. how can you know someone else can do something if you cannot reproduce it. are these hackers more skilled than the security companies. if so why bother with the security companies.

the big problem i see with vista is the user account control system. i like this system because it allows rights on demand and i do not need to think ahead for access i might need. unskilled users might become desensitized to the user access control prompts and give access to malicious processes. what is good for the goose is not always good for the gander.

the article is strange. are the security companies saying that they know hackers can bypass the security controls to lock out kernel space access but they cannot. how can you know someone else can do something if you cannot reproduce it. are these hackers more skilled than the security companies. if so why bother with the security companies.

The article says that the security companies know that Vista security has been breached... it does /not/ state or imply that the security companies don't know how it was done. Why do you make this assumption?

I'm sure they have some kind of ironclad agreement with MS that they are not allowed to breach Vista security in order to make it more secure. Also, do you want to give your money to a company that purposely breaks the OS in order to secure it? I know my organization wouldn't pay a dime to them... this is about reputation within the industry.

Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.

So, if Microsoft finally is able to do what everyone has been bashing them for not doing in the past. They still get bashed because the security venders they USED in the past for making the changes everyone knew needed to be made from a technical standpoint. What I don't see this article mention is which release of Vista this was tested on. Was this one of the beta engine failures that were fixed or has it been found in the September technical refresh? While Non-disclosure is definatly something we need to be aware of, I doubt it would have been the case in the versioning related to this flaw. What this looks like is a corporate smear job. Some fact wrapped in with mis-direction and praying on the ignorance of average (and sub average) consumers.

I think we still need the third parties to keep the 4,000lb gorilla in check. But I dont agree with their need to hook into the core. To me it's like putting that new enterprise application in your environment. Do you really want it to extend your schema or just query it?

The children should all play nice, allow them the ability to query, double check that it is safe but dont make any changes. Report the changes. With the new kernal changes Redmond has put into Vista I am not our application venders need more controll over my system proformance then that.

Maybe, just maybe, Symantec and McAfee will become the good services citizens we all know they can be.

Anyway, we'll learn more at Windows Connections and the end of fourth (or is it first, or second) quarter.

The security vendors' problem, at this point, is the same as Microsoft's: they don't know yet how vulnerable Vista is, and in what ways.

I'm sure there'll still be a market for 3rd-party security products for Vista. What is going to hurt the security vendors is not so much how secure Vista may be, but all the hype about how secure it may be. The hype will put a dent in consumer sales of AV and similar products.

On the brighter side, this could all lead to another anti-trust lawsuit against MS. Maybe next time, they'll break up MS's monopoly.